New record theft: Bitcoin loot is worth 14.5 billion US dollars today

The scale of a recently uncovered Bitcoin theft dwarfs anything ever seen before: cyber criminals are said to have stolen 127,426 Bitcoins from a Chinese mining pool –, which is now worth 14.5 billion US dollars. What is special about this case is that it happened almost five years ago, but has only now been made public by the blockchain analysis portal Arkham Intelligence.

The Chinese Bitcoin mining pool LuBian, which ceased its activities in spring 2021, is affected. In such pools, Bitcoin miners can pool their computing capacities to mine Bitcoin together and share the proceeds among themselves. LuBian was once one of the largest pools on the market: up to six percent of the global hashrate was accounted for by the pool, which according to Arkham was also based in Iran as well as China.

Masses of bitcoins stolen

But on December 28, 2020, an unprecedented attack on LuBian's Bitcoin holdings took place, according to Arkham. Unknown attackers managed to carry out mass transactions from LuBian's wallets to their own. The transactions can still be traced on the Arkham Intelligence website. However, the fact that this was a cyberattack has only now become public knowledge. It is not clear from the Arkham report why this is the case.

Dozens of transactions show how masses of Bitcoins are changing hands unlawfully. Arkham speaks of 90 percent of LuBian's Bitcoin assets being stolen at that moment. On December 29, the actors struck again: they stole another 154 Bitcoins, which at the time amounted to 4.18 million US dollars.

LuBian's first major and visible reaction to the disaster was on December 31, 2020, when the operators moved 11,886 bitcoins to a recovery wallet, which they still hold today. This now corresponds to a value of around 1.3 billion US dollars.

Desperate attempts at contact

The billion-dollar coup was apparently made possible by weak encryption, which the cybercriminals cracked. According to Arkham, LuBian only used a 32-bit entropy to generate private keys. Modern security standards use at least 128 bits.

In the days following the theft, LuBian made 1516 transactions with very small amounts of Bitcoin to the attackers' wallets in an attempt to contact them with OP_RETURN notes. These notes can be stored in the blockchain during a transaction and are saved permanently. They are often used as timestamps, for example. LuBian tried to persuade the crypto thieves to negotiate by email instead. However, this was unsuccessful.

LuBian then ceased its mining activities completely in spring 2021. LuBian or the attackers themselves have never commented on the incident. What remains is a theft of unprecedented scale that only became known years later. At the Bitcoin exchange rate at the time, the damage amounted to 3.5 billion US dollars, almost three times the previous largest known theft, which hit the crypto exchange Bybit in spring 2025, and at today's exchange rate, almost ten times the amount at 14.5 billion US dollars. Bitcoins worth 1.3 billion US dollars were stolen. The fact that a much more drastic case occurred around four and a half years earlier and has remained unknown until now shows. Even if bitcoin transactions are publicly visible, it can be extremely complex to trace the real processes behind them.

(nen)